mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
Reviewed addition to db table prefix
Review of #2935 - Removed from .env files and added warnings for use if found in config file. - Updated permission service to use whereColumn queries to auto-handle use of prefixes.
This commit is contained in:
Dan Brown
parent
0f66c8a0cc
commit
025442fcd9
@ -23,7 +23,6 @@ APP_URL=https://example.com
|
|||||||
# Database details
|
# Database details
|
||||||
DB_HOST=localhost
|
DB_HOST=localhost
|
||||||
DB_DATABASE=database_database
|
DB_DATABASE=database_database
|
||||||
DB_TABLE_PREFIX=
|
|
||||||
DB_USERNAME=database_username
|
DB_USERNAME=database_username
|
||||||
DB_PASSWORD=database_user_password
|
DB_PASSWORD=database_user_password
|
||||||
|
|
||||||
|
|||||||
@ -55,7 +55,6 @@ APP_PROXIES=null
|
|||||||
DB_HOST=localhost
|
DB_HOST=localhost
|
||||||
DB_PORT=3306
|
DB_PORT=3306
|
||||||
DB_DATABASE=database_database
|
DB_DATABASE=database_database
|
||||||
DB_TABLE_PREFIX=
|
|
||||||
DB_USERNAME=database_username
|
DB_USERNAME=database_username
|
||||||
DB_PASSWORD=database_user_password
|
DB_PASSWORD=database_user_password
|
||||||
|
|
||||||
|
|||||||
@ -603,17 +603,18 @@ class PermissionService
|
|||||||
/**
|
/**
|
||||||
* Filter items that have entities set as a polymorphic relation.
|
* Filter items that have entities set as a polymorphic relation.
|
||||||
*
|
*
|
||||||
* @param Builder|\Illuminate\Database\Query\Builder $query
|
* @param Builder|QueryBuilder $query
|
||||||
*/
|
*/
|
||||||
public function filterRestrictedEntityRelations($query, string $tableName, string $entityIdColumn, string $entityTypeColumn, string $action = 'view')
|
public function filterRestrictedEntityRelations($query, string $tableName, string $entityIdColumn, string $entityTypeColumn, string $action = 'view')
|
||||||
{
|
{
|
||||||
$tableDetails = ['tableName' => $this->db->getTablePrefix() . $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
|
$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
|
||||||
|
|
||||||
$q = $query->where(function ($query) use ($tableDetails, $action) {
|
$q = $query->where(function ($query) use ($tableDetails, $action) {
|
||||||
$query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) {
|
$query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) {
|
||||||
|
/** @var Builder $permissionQuery */
|
||||||
$permissionQuery->select(['role_id'])->from('joint_permissions')
|
$permissionQuery->select(['role_id'])->from('joint_permissions')
|
||||||
->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
|
->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
|
||||||
->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
|
->whereColumn('joint_permissions.entity_type', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
|
||||||
->where('action', '=', $action)
|
->where('action', '=', $action)
|
||||||
->whereIn('role_id', $this->getCurrentUserRoles())
|
->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
->where(function (QueryBuilder $query) {
|
->where(function (QueryBuilder $query) {
|
||||||
@ -639,8 +640,9 @@ class PermissionService
|
|||||||
$q = $query->where(function ($query) use ($tableDetails, $morphClass) {
|
$q = $query->where(function ($query) use ($tableDetails, $morphClass) {
|
||||||
$query->where(function ($query) use (&$tableDetails, $morphClass) {
|
$query->where(function ($query) use (&$tableDetails, $morphClass) {
|
||||||
$query->whereExists(function ($permissionQuery) use (&$tableDetails, $morphClass) {
|
$query->whereExists(function ($permissionQuery) use (&$tableDetails, $morphClass) {
|
||||||
|
/** @var Builder $permissionQuery */
|
||||||
$permissionQuery->select('id')->from('joint_permissions')
|
$permissionQuery->select('id')->from('joint_permissions')
|
||||||
->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
|
->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
|
||||||
->where('entity_type', '=', $morphClass)
|
->where('entity_type', '=', $morphClass)
|
||||||
->where('action', '=', 'view')
|
->where('action', '=', 'view')
|
||||||
->whereIn('role_id', $this->getCurrentUserRoles())
|
->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
|
|||||||
@ -69,6 +69,9 @@ return [
|
|||||||
'port' => $mysql_port,
|
'port' => $mysql_port,
|
||||||
'charset' => 'utf8mb4',
|
'charset' => 'utf8mb4',
|
||||||
'collation' => 'utf8mb4_unicode_ci',
|
'collation' => 'utf8mb4_unicode_ci',
|
||||||
|
// Prefixes are only semi-supported and may be unstable
|
||||||
|
// since they are not tested as part of our automated test suite.
|
||||||
|
// If used, the prefix should not be changed otherwise you will likely receive errors.
|
||||||
'prefix' => env('DB_TABLE_PREFIX', ''),
|
'prefix' => env('DB_TABLE_PREFIX', ''),
|
||||||
'prefix_indexes' => true,
|
'prefix_indexes' => true,
|
||||||
'strict' => false,
|
'strict' => false,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user